The number of UK businesses attacked by cybercriminals last year is actually much higher than the 2.5 million disclosed in the Cyber Security Breaches Survey 2016, according to a leading cybersecurity expert.
The survey, a collaboration between IPSOS Mori, University of Portsmouth and the Department for Culture, Media and Sport, found that hackers have attacked more than 2.5 million businesses in the last year.
However, Martijn Verbree, partner in KPMG’s cyber security practice, says: “In reality this is likely to be just the tip of the iceberg. The real number of organisations being attacked is likely much higher as most businesses do not bother to report such incidents or at worst, they do not know that they have even been breached.
According to Verbree, attacks are getting more and more personal and sophisticated, with attackers using information they can find on social media to make emails personal, for example, by referring to names of bosses or other colleagues, or even writing emails that affect the recipient emotionally (“you owe us £xxxx”) to induce them to click on links without thinking.
“It’s unfortunate, but as a result we expect that the number of such successful attacks will increase in the coming year, especially amongst smaller and medium sized companies that do not have a lot of skills and expertise in cyber security.”
To be cyber ready businesses and their staff, should stop, think and stay safe before clicking on attachments in emails. If they are in any doubt that the email is a legitimate communication from someone then don’t open the attachment, advises Verbree.
Backing up data is important in case a firm is impacted by ransomware, as well as having in place an incident response process and even possibly cyber insurance.
He also advises firms to sign up to government-backed cyber security certification schemes.